On Tuesday 10 February 2015 10:37:38 Hugo Osvaldo Barrera wrote: > On 2015-02-10 13:30, Kristian Fiskerstrand wrote: > > On 02/10/2015 01:24 PM, Peter Lebbing wrote: > > > On 10/02/15 12:52, Kristian Fiskerstrand wrote: > > >> No, the signature is still valid: > > > Why? The key was revoked because it was superseded or has been > > > retired, not because it was stolen or compromised. > > > > Unless you rely on a trusted third party to provide signature stamps, > > signature dates can be forged. A key revocation should result in > > immediate questioning of all aspects of the key, as it currently does. > > There is no reason to assume that the signature has been forged if the key > has not been compromised. > > Also, I see no reason why I should not be able to assign a trust to a > revoked key - I might trust it even if the author revoked it as superseded: > > > $ gpg --edit 1BFBED44 > [... info on revoked key ...] > gpg> lsign > Key is revoked. Unable to sign. > > I believe the reason matters. I can even sit down with the owner of the key > and verify his ID and fingerprint and sign it, meaning "this key belongs to > this person, but was superseeded a week ago". If actually influences the > validity of anything he signed up to a week ago.
Use gpg --lsign --expert 1BFBED44 to sign the key despite the revocation. But this won't change the validity of the key. The validity of a revoked key is (and remains for all times) "revoked" (as far as gpg is concerned). Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
